The present invention relates generally to the field of user authentication, and more particularly to proxy-based authentication management.
Authentication in computer systems can be done in various ways and involves acquiring user or application characteristics or credentials and verifying them against a known value. In popular conventional authentication implementations, a user, which can be a person or an application, requesting a connection to a target will interact with a client (machine), which then provides client credentials to the target. Typically, the target is a server machine or server process providing a service to the client, and a direct connection is made to the target via a protocol. The target (or server) can be implemented either in hardware or in software. Upon receiving the client credentials, the target will authenticate them by comparing them with known values in order to verify the client, and will accordingly authorize (grant or deny) the request for connection. In this conventional authentication process, security breaches can occur at the client, at the target, and in the transfer of client credentials between the client and the target (during communications).